Death raises some questions regarding US Attorney’s tactics

Published 4:53 pm, Monday, January 21, 2013

One can never know what drives another person to suicide, especially someone who, like Internet-freedom activist Aaron Swartz, suffered from crippling depression. In the aftermath of his death last week, it is unfair for his supporters to pin the blame on U.S. Attorney Carmen Ortiz, whose office was prosecuting Swartz on a variety of criminal charges, or the Massachusetts Institute of Technology, which by some accounts encouraged the government to take a tough line.

At the same time, the fact that Swartz’s death was his own choice does not mean the U.S. Attorney’s Office and the university acted properly. Ortiz’s office, at least, did not; the government was far too intent on giving Swartz prison time for offenses that appear quite minor on close examination.

Swartz, 26, was a computer prodigy. He gained fame as the creator of RSS, a widely used protocol for sharing content on the Web, and as the co-creator of the social news website Reddit. But fatefully, Swartz was arrested in 2011 when, while on a fellowship at Harvard, he tapped into MIT’s computer networks to download nearly 5 million academic journal articles and other documents from JSTOR, a database that makes such files readily available to researchers at member universities.

There is, in fact, a legitimate need to broaden public access to academic research — at least to the significant portion of it that is funded with public money. But Swartz, who saw himself as using guerrilla tactics to make information freely available, clearly knew he was doing something improper; at one point, authorities say, he disguised his face while entering a wiring closet at MIT to keep downloading articles.

The question is, how serious an offense was all this? Unfortunately, the federal laws that define certain computer-related crimes are open-ended enough to make potential felonies out of a vast range of activities — from hacking for private financial gain, which is clearly worthy of punishment, down to far more ambiguous cases involving, for instance, the unauthorized use of legitimate passwords. The more latitude prosecutors have in such cases, the more vital it is that they use discretion in applying it.

Yet Swartz’s reputation likely preceded him. He had come to the FBI’s attention in 2008, when he tried to release the contents of the federal government’s database of public court records by exploiting a free trial. In that case, no charges were filed. In the MIT case, prosecutors played hardball. In September, the government added nine more felony counts to an original four. What Swartz seemed to see as civil disobedience — taking advantage of a loosely guarded research service widely available at universities — looked to federal prosecutors like wire fraud, computer fraud, and unauthorized computer access.

The potential penalties were daunting and could well have terrified him: a $1 million fine and 35 years in prison. He could have risked a trial, which would have been costly and could end badly. Or, as one of his lawyers told reporters, he could have taken a bargain that would have involved pleading guilty to 13 felonies and spending about six months in prison.

Yet even that shorter sentence would have been excessive. Swartz gave back the files he’d duplicated; JSTOR, the clearest victim in the case, declined to take action against him and urged the government to do the same; the service later decided to make many of the articles he had downloaded more broadly available for free.

MIT’s role, meanwhile, remains unclear. Swartz’s lawyers have maintained the university blocked a plea deal that would have avoided a prison term; MIT is not commenting pending an internal investigation ordered by president Rafael Reif, who took office last year. But if MIT officials did support the government’s hard line, they were wrong to do so. Swartz’s abuse of the university’s facilities was akin to trespassing — a charge that might merit a modest fine and court-ordered community-service. The sentence should prompt MIT, JSTOR, and all other owners of computer networks and intellectual property to consider how aggressively they want federal agents to enforce their terms of service.

It seems quite likely that the US attorney’s office wanted to make a harsh example of one high-profile defendant in order to serve as a deterrent to others. But doing so can be deeply unfair to the defendant involved, and lead to punishments well out of proportion to the relevant crimes. It also puts unjustified pressure on such defendants to plead guilty simply to avoid the possibility of a life-altering sentence.

In piling on 13 charges and thereby threatening Swartz with up to 35 years in prison, Ortiz’s office went way, way too far. Congress and the courts must reassess the legal statutes that make such eye-popping prison sentences possible in murky cases of unauthorized computer use. In the meantime, the Justice Department must also understand that some electronic intrusions are more harmful than others and prosecute its cases accordingly.